42 matches found
EUVD-2025-4585
Malicious code in bioql PyPI...
EUVD-2024-1823
Malicious code in bioql PyPI...
EUVD-2024-20124
Malicious code in bioql PyPI...
Directory Traversal
Overview: kwik is a Fast, batteries-included, business-oriented, opinionated REST APIs framework. Affected versions of this package are vulnerable to Directory Traversal via the kwik.utils.files.storefile function due to improper validation of directory containment in the file upload helper, which...
CVE-2025-23020
An issue was discovered in Kwik before 0.10.1. A hash collision vulnerability in the hash table used to manage connections allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs)...
Kwik hash collision vulnerability
An issue was discovered in Kwik before 0.10.1. A hash collision vulnerability in the hash table used to manage connections allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs)...
GHSA-9F57-9RHG-4HVM Kwik hash collision vulnerability
An issue was discovered in Kwik before 0.10.1. A hash collision vulnerability in the hash table used to manage connections allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs)...
com.github.zhkl0228:netguard (>=0.0.5 <=0.0.6), tech.kwik:flupke (>=0.5.4 <=0.6) +5 more potentially affected by CVE-2025-23020 via tech.kwik:kwik (=0.10)
tech.kwik:kwik MAVEN version =0.10 is affected by a known vulnerability. The following packages have a transitive dependency on tech.kwik:kwik and may be impacted: - com.github.zhkl0228:netguard >=0.0.5, <=0.0.6 - tech.kwik:flupke >=0.5.4, <=0.6 - tech.kwik:kwik-cli =0.10 - tech.kwik:kwik-h09 =0.10 - tech.kwik:kwik-interop...
CVE-2025-23020
An issue was discovered in Kwik before 0.10.1. A hash collision vulnerability in the hash table used to manage connections allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs)...
CVE-2025-23020
An issue was discovered in Kwik before 0.10.1. A hash collision vulnerability in the hash table used to manage connections allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs)...
Inefficient Algorithmic Complexity
Overview: Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the hash table used to manage connections. An attacker can cause a considerable CPU load on the server by initiating connections with colliding Source Connection IDs (SCIDs). Remediation: Upgrade...
com.github.zhkl0228:netguard (>=0.0.5 <=0.0.6), tech.kwik:flupke (>=0.5.4 <=0.6) +5 more potentially affected by CVE-2025-23020 via tech.kwik:kwik (=0.10)
tech.kwik:kwik MAVEN version =0.10 is affected by a known vulnerability. The following packages have a transitive dependency on tech.kwik:kwik and may be impacted: - com.github.zhkl0228:netguard >=0.0.5, <=0.0.6 - tech.kwik:flupke >=0.5.4, <=0.6 - tech.kwik:kwik-cli =0.10 - tech.kwik:kwik-h09 =0.10 - tech.kwik:kwik-interop...
Kwik security vulnerability
Kwik is a client and server implementation of the QUIC protocol (RFC 9000) by the individual developer Peter Doornbosch in the Netherlands. A security vulnerability exists in Kwik prior to version 0.10.1, which stems from a hash collision vulnerability. A remote attacker could exploit...
CVE-2025-23020
CVE-2025-23020 describes a hash collision vulnerability in Kwik before 0.10.1. The issue arises in the hash table used to manage connections, allowing remote attackers to induce a Hash DoS by sending connections with colliding Source Connection IDs, causing considerable CPU load. Affected softwar...
CVE-2025-23020
An issue was discovered in Kwik before 0.10.1. A hash collision vulnerability in the hash table used to manage connections allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs)...
CVE-2025-23020
An issue was discovered in Kwik before 0.10.1. A hash collision vulnerability in the hash table used to manage connections allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs)...
PT-2025-7544 · Kwik · Kwik
Name of the Vulnerable Software and Affected Versions: Kwik versions prior to 0.10.1. Description: A hash collision vulnerability in the hash table used to manage connections allows remote attackers to cause a considerable CPU load on the server by initiating connections with colliding Source...
CVE-2024-22588
Kwik commit 745fd4e2 does not discard unused encryption keys...
CVE-2024-22590
The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connection has been established...
CVE-2024-22590
The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connection has been established...